Don't filter the yarn2nix source

nix-community / yarn2nix

Generate nix expressions from a yarn.lock file [maintainer=???]

GNU General Public License v3.0

123 stars 61 forks source link

Don't filter the yarn2nix source #103

Closed michaelpj closed 4 years ago

michaelpj commented 5 years ago

Fixes #102 .

This is unfortunate in that we'll pull more stuff into the store and rebuild more often. But the current version doesn't work in restricted eval mode on hydra, and even a trivial use of builtins.filterSource causes that.

michaelpj commented 4 years ago

This is still a problem - any chance this could be merged?

michaelpj commented 4 years ago

Okay, I think I've pinpointed the issue a bit more: this only causes problems trying to build yarn2nix itself on hydra. Which is still quite helpful to be able to do.

michaelpj commented 4 years ago

And indeed this appears to no longer be enough to fix the problem :/ There are more places where e.g. src + "/package.json" is accessed...

nightkr commented 4 years ago

src + "/package.json" shouldn't cause an IFD AFAIK, from my experiments ./foo/bar and ./foo + "/bar" are equivalent expressions.

michaelpj commented 4 years ago

To be clear, it's not IFD per se. The errors I get are like this:

error: access to path '/nix/store/9c7q9q0ma2i5bcgkv5whpyx5l62v7ply-yarn2nix/package.json' is forbidden in restricted mode

So what's going on is that the yarn2nix source gets sucked into the nix store, and then when we access src + '/package.json' that is apparently not allowed. I don't entirely understand why, to be honest.

ghost commented 4 years ago

@edolstra do you have any idea why this fails?

ghost commented 4 years ago

I ran into the same issue while trying to use yarn2nix in a flake. You can reproduce the problem by running nix run github:hopglass/hopglass-server/12ace3c

michaelpj commented 4 years ago

Looks like it got fixed better.

zimbatm commented 4 years ago

I think it's still an issue for users of yarn2nix. Make sure to pass the package.json explicitly if you are filtering the source.

shmish111 commented 4 years ago

Can we reopen this, it's still broken for me in restricted mode on Hydra, see https://hydra.iohk.io/jobset/Cardano/plutus-pr-1962#tabs-errors for https://github.com/input-output-hk/plutus/pull/1962

ghost commented 4 years ago

Hi, you are using nixpkgs from the nixos-19.09 branch in your repository, which does not yet have https://github.com/NixOS/nixpkgs/commit/ed90e59fc293c412c2a4f51024932a4245384549. This would be required to fix the build in restricted mode. You could either update nixpkgs to nixos-20.03 branch or add the latest version of the yarn2nix repository as an additional source to yourn niv environment and use mkYarnPackage and yarn2nix from here.

shmish111 commented 4 years ago

ok thanks, I look forward to us upgrading to 20.03 :)